Package: ruby1.9.1 | Debian Sources

Package: ruby1.9.1 / 1.9.3.194-8.1+deb7u5

Metadata

Package	Version	Patches format
ruby1.9.1	1.9.3.194-8.1+deb7u5	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
909_update_lib_README.diff \| (download)	lib/README \| 1 0 + 1 - 0 ! 1 file changed, 1 deletion(-)	---
100731_disable tests.diff \| (download)	bootstraptest/test_io.rb \| 44 22 + 22 - 0 ! bootstraptest/test_thread.rb \| 30 15 + 15 - 0 ! 2 files changed, 37 insertions(+), 37 deletions(-)	disable two tests that are problematic on freebsd Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590002 First test is discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543805 and upstream bug http://redmine.ruby-lang.org/issues/show/2008 Second test is discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542927 and upstream bug http://redmine.ruby-lang.org/issues/show/2025 It was fixed, but is now timing dependent.
903_skip_base_ruby_check.diff \| (download)	configure.in \| 2 0 + 2 - 0 ! 1 file changed, 2 deletions(-)	---
20100829 rubygems_disable_update_system.diff \| (download)	lib/rubygems/commands/update_command.rb \| 4 4 + 0 - 0 ! test/rubygems/test_gem_commands_update_command.rb \| 12 6 + 6 - 0 ! 2 files changed, 10 insertions(+), 6 deletions(-)	---
20100829 rubygems_default_dir.diff \| (download)	lib/rubygems/defaults.rb \| 57 33 + 24 - 0 ! test/rubygems/test_gem.rb \| 4 2 + 2 - 0 ! 2 files changed, 35 insertions(+), 26 deletions(-)	---
110720_tcltk_disable_rpath.diff \| (download)	ext/tk/extconf.rb \| 12 6 + 6 - 0 ! 1 file changed, 6 insertions(+), 6 deletions(-)	---
090729_fix_Makefile_deps.diff \| (download)	common.mk \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	---
090803_exclude_rdoc.diff \| (download)	common.mk \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	---
110825 run tests verbose.patch \| (download)	common.mk \| 6 3 + 3 - 0 ! 1 file changed, 3 insertions(+), 3 deletions(-)	run tests in verbose mode
110825 tests_broken_as_root.patch \| (download)	test/gdbm/test_gdbm.rb \| 4 2 + 2 - 0 ! test/test_find.rb \| 2 2 + 0 - 0 ! 2 files changed, 4 insertions(+), 2 deletions(-)	add some description
110829 freebsd_assert_normal_exit.patch \| (download)	bootstraptest/runner.rb \| 4 4 + 0 - 0 ! 1 file changed, 4 insertions(+)	---
110829 hurd_dirent_usage.patch \| (download)	configure.in \| 4 4 + 0 - 0 ! 1 file changed, 4 insertions(+)	---
hurd path max.diff \| (download)	addr2line.c \| 3 3 + 0 - 0 ! 1 file changed, 3 insertions(+)	---
20120517 r35434.patch \| (download)	lib/drb/ssl.rb \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	---
20120927 cve_2011_1005.patch \| (download)	error.c \| 8 1 + 7 - 0 ! test/ruby/test_exception.rb \| 51 51 + 0 - 0 ! 2 files changed, 52 insertions(+), 7 deletions(-)	prevent untainted strings from being incorrectly tainted This flaw allowed untainted strings to be tainted and modified, even in safe level 4.
CVE 2012 4522.patch \| (download)	file.c \| 3 3 + 0 - 0 ! test/ruby/test_file.rb \| 10 10 + 0 - 0 ! 2 files changed, 13 insertions(+)	path name must not contain nul bytes. This is a fix for CVE-2012-4522.
20121120 cve 2012 5371.diff \| (download)	common.mk \| 3 2 + 1 - 0 ! random.c \| 23 23 + 0 - 0 ! siphash.c \| 483 483 + 0 - 0 ! siphash.h \| 48 48 + 0 - 0 ! string.c \| 6 0 + 6 - 0 ! 5 files changed, 556 insertions(+), 7 deletions(-)	replace hash implementation to avoid dos attacks This patch fixes CVE-2012-5371 Bug-Debian: http://bugs.debian.org/693024
CVE 2013 0256.patch \| (download)	lib/rdoc/generator/template/darkfish/js/darkfish.js \| 16 9 + 7 - 0 ! 1 file changed, 9 insertions(+), 7 deletions(-)	[patch] * lib/rdoc: import rdoc 3.9.5. NOTE: This patch includes only main correctios.
CVE 2013 0269.patch \| (download)	ext/json/lib/json/add/core.rb \| 9 6 + 3 - 0 ! ext/json/lib/json/common.rb \| 17 12 + 5 - 0 ! ext/json/parser/parser.c \| 36 18 + 18 - 0 ! ext/json/parser/parser.rl \| 5 4 + 1 - 0 ! test/json/test_json.rb \| 24 22 + 2 - 0 ! test/json/test_json_addition.rb \| 46 27 + 19 - 0 ! test/json/test_json_string_matching.rb \| 11 5 + 6 - 0 ! 7 files changed, 94 insertions(+), 54 deletions(-)	fix denial of service and unsafe object creation vulnerability in JSON. [CVE-2013-0269]
CVE 2013 1821.patch \| (download)	lib/rexml/document.rb \| 12 12 + 0 - 0 ! lib/rexml/text.rb \| 40 25 + 15 - 0 ! test/rexml/test_entity.rb \| 18 18 + 0 - 0 ! 3 files changed, 55 insertions(+), 15 deletions(-)	fix entity expansion dos vulnerability in rexml CVE-2013-1821
CVE 2013 2065.patch \| (download)	ext/dl/lib/dl/func.rb \| 3 3 + 0 - 0 ! ext/fiddle/function.c \| 9 9 + 0 - 0 ! 2 files changed, 12 insertions(+)	---
CVE 2013 4073.patch \| (download)	ext/openssl/lib/openssl/ssl-internal.rb \| 18 13 + 5 - 0 ! test/openssl/test_ssl.rb \| 29 29 + 0 - 0 ! 2 files changed, 42 insertions(+), 5 deletions(-)	fix hostname check bypassing vulnerability in ssl client CVE-2013-4073: Hostname identity check did not properly handle hostnames in the certificate that contain null bytes.
CVE 2013 4164.patch \| (download)	test/ruby/test_float.rb \| 12 12 + 0 - 0 ! util.c \| 14 12 + 2 - 0 ! 2 files changed, 24 insertions(+), 2 deletions(-)	fix heap overflow in floating point parsing This vulnerability is tracked with CVE-2013-4164. . https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/
CVE 2014 4975.patch \| (download)	pack.c \| 8 5 + 3 - 0 ! test/ruby/test_pack.rb \| 8 8 + 0 - 0 ! 2 files changed, 13 insertions(+), 3 deletions(-)	fix cve-2014-4975
CVE 2014 8080.patch \| (download)	lib/rexml/entity.rb \| 6 6 + 0 - 0 ! test/rexml/test_document.rb \| 27 27 + 0 - 0 ! test/rexml/test_entity.rb \| 16 16 + 0 - 0 ! 3 files changed, 49 insertions(+)	fix cve-2014-8080
CVE 2014 8090.patch \| (download)	lib/rexml/document.rb \| 4 4 + 0 - 0 ! lib/rexml/entity.rb \| 1 1 + 0 - 0 ! test/rexml/test_document.rb \| 51 51 + 0 - 0 ! 3 files changed, 56 insertions(+)	fix cve-2014-8090
CVE 2015 1855.patch \| (download)	ext/openssl/lib/openssl/ssl-internal.rb \| 62 58 + 4 - 0 ! test/openssl/test_ssl.rb \| 152 152 + 0 - 0 ! 2 files changed, 210 insertions(+), 4 deletions(-)	fix openssl hostname verification Backported from the Ruby 2.0 branch. See https://bugs.ruby-lang.org/issues/9644 for details.

Patch	File delta	Description
909_update_lib_README.diff \| (download)	lib/README \| 1 0 + 1 - 0 ! 1 file changed, 1 deletion(-)	---
100731_disable tests.diff \| (download)	bootstraptest/test_io.rb \| 44 22 + 22 - 0 ! bootstraptest/test_thread.rb \| 30 15 + 15 - 0 ! 2 files changed, 37 insertions(+), 37 deletions(-)	disable two tests that are problematic on freebsd Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590002 First test is discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543805 and upstream bug http://redmine.ruby-lang.org/issues/show/2008 Second test is discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542927 and upstream bug http://redmine.ruby-lang.org/issues/show/2025 It was fixed, but is now timing dependent.
903_skip_base_ruby_check.diff \| (download)	configure.in \| 2 0 + 2 - 0 ! 1 file changed, 2 deletions(-)	---
20100829 rubygems_disable_update_system.diff \| (download)	lib/rubygems/commands/update_command.rb \| 4 4 + 0 - 0 ! test/rubygems/test_gem_commands_update_command.rb \| 12 6 + 6 - 0 ! 2 files changed, 10 insertions(+), 6 deletions(-)	---
20100829 rubygems_default_dir.diff \| (download)	lib/rubygems/defaults.rb \| 57 33 + 24 - 0 ! test/rubygems/test_gem.rb \| 4 2 + 2 - 0 ! 2 files changed, 35 insertions(+), 26 deletions(-)	---
110720_tcltk_disable_rpath.diff \| (download)	ext/tk/extconf.rb \| 12 6 + 6 - 0 ! 1 file changed, 6 insertions(+), 6 deletions(-)	---
090729_fix_Makefile_deps.diff \| (download)	common.mk \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	---
090803_exclude_rdoc.diff \| (download)	common.mk \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	---
110825 run tests verbose.patch \| (download)	common.mk \| 6 3 + 3 - 0 ! 1 file changed, 3 insertions(+), 3 deletions(-)	run tests in verbose mode
110825 tests_broken_as_root.patch \| (download)	test/gdbm/test_gdbm.rb \| 4 2 + 2 - 0 ! test/test_find.rb \| 2 2 + 0 - 0 ! 2 files changed, 4 insertions(+), 2 deletions(-)	add some description
110829 freebsd_assert_normal_exit.patch \| (download)	bootstraptest/runner.rb \| 4 4 + 0 - 0 ! 1 file changed, 4 insertions(+)	---
110829 hurd_dirent_usage.patch \| (download)	configure.in \| 4 4 + 0 - 0 ! 1 file changed, 4 insertions(+)	---
hurd path max.diff \| (download)	addr2line.c \| 3 3 + 0 - 0 ! 1 file changed, 3 insertions(+)	---
20120517 r35434.patch \| (download)	lib/drb/ssl.rb \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	---
20120927 cve_2011_1005.patch \| (download)	error.c \| 8 1 + 7 - 0 ! test/ruby/test_exception.rb \| 51 51 + 0 - 0 ! 2 files changed, 52 insertions(+), 7 deletions(-)	prevent untainted strings from being incorrectly tainted This flaw allowed untainted strings to be tainted and modified, even in safe level 4.
CVE 2012 4522.patch \| (download)	file.c \| 3 3 + 0 - 0 ! test/ruby/test_file.rb \| 10 10 + 0 - 0 ! 2 files changed, 13 insertions(+)	path name must not contain nul bytes. This is a fix for CVE-2012-4522.
20121120 cve 2012 5371.diff \| (download)	common.mk \| 3 2 + 1 - 0 ! random.c \| 23 23 + 0 - 0 ! siphash.c \| 483 483 + 0 - 0 ! siphash.h \| 48 48 + 0 - 0 ! string.c \| 6 0 + 6 - 0 ! 5 files changed, 556 insertions(+), 7 deletions(-)	replace hash implementation to avoid dos attacks This patch fixes CVE-2012-5371 Bug-Debian: http://bugs.debian.org/693024
CVE 2013 0256.patch \| (download)	lib/rdoc/generator/template/darkfish/js/darkfish.js \| 16 9 + 7 - 0 ! 1 file changed, 9 insertions(+), 7 deletions(-)	[patch] * lib/rdoc: import rdoc 3.9.5. NOTE: This patch includes only main correctios.
CVE 2013 0269.patch \| (download)	ext/json/lib/json/add/core.rb \| 9 6 + 3 - 0 ! ext/json/lib/json/common.rb \| 17 12 + 5 - 0 ! ext/json/parser/parser.c \| 36 18 + 18 - 0 ! ext/json/parser/parser.rl \| 5 4 + 1 - 0 ! test/json/test_json.rb \| 24 22 + 2 - 0 ! test/json/test_json_addition.rb \| 46 27 + 19 - 0 ! test/json/test_json_string_matching.rb \| 11 5 + 6 - 0 ! 7 files changed, 94 insertions(+), 54 deletions(-)	fix denial of service and unsafe object creation vulnerability in JSON. [CVE-2013-0269]
CVE 2013 1821.patch \| (download)	lib/rexml/document.rb \| 12 12 + 0 - 0 ! lib/rexml/text.rb \| 40 25 + 15 - 0 ! test/rexml/test_entity.rb \| 18 18 + 0 - 0 ! 3 files changed, 55 insertions(+), 15 deletions(-)	fix entity expansion dos vulnerability in rexml CVE-2013-1821
CVE 2013 2065.patch \| (download)	ext/dl/lib/dl/func.rb \| 3 3 + 0 - 0 ! ext/fiddle/function.c \| 9 9 + 0 - 0 ! 2 files changed, 12 insertions(+)	---
CVE 2013 4073.patch \| (download)	ext/openssl/lib/openssl/ssl-internal.rb \| 18 13 + 5 - 0 ! test/openssl/test_ssl.rb \| 29 29 + 0 - 0 ! 2 files changed, 42 insertions(+), 5 deletions(-)	fix hostname check bypassing vulnerability in ssl client CVE-2013-4073: Hostname identity check did not properly handle hostnames in the certificate that contain null bytes.
CVE 2013 4164.patch \| (download)	test/ruby/test_float.rb \| 12 12 + 0 - 0 ! util.c \| 14 12 + 2 - 0 ! 2 files changed, 24 insertions(+), 2 deletions(-)	fix heap overflow in floating point parsing This vulnerability is tracked with CVE-2013-4164. . https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/
CVE 2014 4975.patch \| (download)	pack.c \| 8 5 + 3 - 0 ! test/ruby/test_pack.rb \| 8 8 + 0 - 0 ! 2 files changed, 13 insertions(+), 3 deletions(-)	fix cve-2014-4975
CVE 2014 8080.patch \| (download)	lib/rexml/entity.rb \| 6 6 + 0 - 0 ! test/rexml/test_document.rb \| 27 27 + 0 - 0 ! test/rexml/test_entity.rb \| 16 16 + 0 - 0 ! 3 files changed, 49 insertions(+)	fix cve-2014-8080
CVE 2014 8090.patch \| (download)	lib/rexml/document.rb \| 4 4 + 0 - 0 ! lib/rexml/entity.rb \| 1 1 + 0 - 0 ! test/rexml/test_document.rb \| 51 51 + 0 - 0 ! 3 files changed, 56 insertions(+)	fix cve-2014-8090
CVE 2015 1855.patch \| (download)	ext/openssl/lib/openssl/ssl-internal.rb \| 62 58 + 4 - 0 ! test/openssl/test_ssl.rb \| 152 152 + 0 - 0 ! 2 files changed, 210 insertions(+), 4 deletions(-)	fix openssl hostname verification Backported from the Ruby 2.0 branch. See https://bugs.ruby-lang.org/issues/9644 for details.